Aggregator

Currently trending CVE - Hype Score: 15 - The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.

The ringleader of the Jetflicks illegal paid streaming operation, a massive service with tens of thousands of subscribers, was sentenced to seven years in prison. [...]

Просто отправь запрос — и ты уже root.

Within the space of a few days, Link11 observed a wave of DDoS attacks that stood out – not for their duration or scale, but for their surgical precision. A company in the digital entertainment sector was attacked nine times. Rather than relying on prolonged overload, the attackers opted for a “hit-and-run” strategy: short bursts […]

Der Beitrag Targeted DDoS Series: When Short Attacks Pack a Punch erschien zuerst auf Link11 - Defend. Control. Own..

关键词数据泄露澳大利亚知名时尚设计品牌 SABO 最近遭遇一场严重的数据泄露事件，超过 350 万份客户记录在

关键词网络安全一项历时逾一年的深入研究揭开了俄罗斯联邦安全局（FSB）最神秘情报单位之一——**第16中心（1

关键词间谍软件在中东局势日益紧张的背景下，一款名为 DCHSpy 的 Android 间谍软件悄然浮出水面。

关键词Windows 近日，微软面向 Windows Server 2019 系统发布了 2025 年 7 月

Security experts have been talking about Kerberoasting for over a decade, yet this attack continues to evade typical defense methods. Why? It’s because existing detections rely on brittle heuristics and static rules, which don’t hold up for detecting potential attack patterns in highly variable Kerberos traffic. They frequently generate false positives or miss “low-and-slow” attacks altogether.&

Mozilla has released Firefox 141 to address 17 security vulnerabilities, including several high-impact flaws that could potentially allow arbitrary code execution.  The Mozilla Foundation Security Advisory, announced on July 22, 2025, urges users to update immediately to protect against these critical security issues. Key Takeaways1. Firefox 141 patches critical vulnerabilities that could allow code execution.2. […]

The post Firefox 141 Released With Fix for Multiple Vulnerabilities – Update Now appeared first on Cyber Security News.

The National Nuclear Security Administration (NNSA) has fallen victim to a sophisticated cyber attack exploiting a previously unknown vulnerability in Microsoft SharePoint, marking one of the most significant security breaches targeting critical US defense infrastructure this year.  Chinese government-affiliated hacking groups leveraged a zero-day exploit affecting on-premises SharePoint installations to infiltrate over 50 organizations, including […]

The post US Nuclear Weapons Agency Breached by Hackers Using SharePoint 0-Day Vulnerability appeared first on Cyber Security News.

Microsoft was the most impersonated brand in phishing attacks during Q2 2025, accounting for 25% of all attempts, according to Check Point Research.

Brave 浏览器对 Windows 11 用户默认屏蔽了受争议的 Microsoft Recall 功能。在这之前，Signal 桌面应用也宣布默认屏蔽 Recall。Microsoft Recall 会在用户使用电脑时每几秒钟截取一次屏幕截图，提取屏幕内容将其存储在一个可搜索的数据库中。Recall 引发了隐私和安全方面的争议，微软因此进行了多项调整。Brave 官方博客称，该浏览器的重心是默认最大化保护用户隐私，根据微软的说法，浏览器的隐私浏览窗口不会被截图，因此它通知操作系统 Brave 浏览器的所有浏览窗口都是“隐私窗口”，确保标签页内容不会被记录下来。

360将发布中国首个智能体社区“纳米AI智能体社区”

CISA has issued an urgent alert regarding active exploitation of critical Microsoft SharePoint vulnerabilities by suspected Chinese threat actors.  The attack campaign, dubbed “ToolShell,” leverages a vulnerability chain involving CVE-2025-49706 (network spoofing) and CVE-2025-49704 (remote code execution) to gain unauthorized access to on-premises SharePoint servers. The sophisticated attack enables malicious actors to achieve both unauthenticated […]

The post CISA Warns of Chinese Hackers Exploiting SharePoint 0-Day Flaws in Active Exploitation appeared first on Cyber Security News.

未被所提案禁令涵盖的企业，如果计划支付勒索金则需要通知政府，寻求关于此类付款是否违反了涉及向受制裁网络犯罪团伙（很多位于俄罗斯）转移钱财的法律要求的指南。

速修复

Операция по ликвидации вредоносной платформы оказалась бесполезной?

Security researchers discovered that threat actors had uploaded three corrupted browser packages, firefox-patch-bin, librewolf-fix-bin, and zen-browser-patched-bin, to the Arch User Repository (AUR).  These packages appeared to be benign forks of popular Firefox-based browsers but secretly installed a Remote Access Trojan (RAT) by pulling and executing a script from a malicious GitHub repository.  The Arch Linux […]

The post Hackers Injected Malicious Firefox Browser Packages to Arch Linux User Repository appeared first on Cyber Security News.